<?php

// Acl.php
// Michael Baker
// c. 2008; revised 2010-07-22
//
// handles access control

if ( !defined( "IN_MDM" ) )
  exit;
  
require_once( "Database.php" );

function get_username( $uid ) {
  // returns the username associated with the given user ID
  
  global $dbase;
  $uid = mysql_real_escape_string( $uid );
  
  $query = "SELECT `username` FROM WebACLUsers WHERE `id`='$uid'";
  $dbase->execute( $query );
  
  if ( $dbase->numrows() )
  {
    $row = $dbase->fetchone();
    return $row[ 0 ];
  }
  
  return false;
}

function get_userid( $uname ) {
  // returns the ID associated with the given username
  
  global $dbase;
  $uname = mysql_real_escape_string( $uname );
  
  $query = "SELECT `id` FROM WebACLUsers WHERE `username`='$uname'";
  $dbase->execute( $query );
  
  if ( $dbase->numrows() )
  {
    $row = $dbase->fetchone();
    return $row[ 0 ];
  }
  
  return false;
}

function get_flags( $uid ) {
  // returns an array of the user's string flags

  global $dbase;
  $uid = mysql_real_escape_string( $uid );
  
  if ( !get_username( $uid ) ) {
    // user does not exist
    throw new Exception( "Failed to get ACL flags: UserID $uid does not exist" );
  }
  
  $query = "SELECT `flag_name` FROM WebACLFlags WHERE `user_id`='$uid'";
  $dbase->execute( $query );
  
  // Populate an array of flags
  $flags = array();

  for ( $ctr = 0; $ctr < $dbase->numrows(); $ctr++ )
  {
    $row = $dbase->fetchone();
    $flags[]  = $row[ 0 ];
  }
  
  return $flags;
}

function is_public_feature( $flag ) {return true;}

function has_flag( $uid, $flag ) {
  // return whether the user ID has a certain flag

  if ( !get_username( $uid ) )
    throw new Exception( "Failed to check ACL flag: UserID $uid does not exist" );
  
  $flags = get_flags( $uid );
  return ( in_array( $flag, $flags ) || in_array( "super", $flags ) );
}

function add_user( $uname, $pwd ) {
  // adds a cleartext username and password to the ACL with no flags
  
  global $dbase;
  if ( get_userid( $uname ) )
    throw new Exception( "Failed to add ACL user: Username $uname already exists" );
  
  $uname = mysql_real_escape_string( $uname );

  $pwhash = md5( $pwd );
  $query = "INSERT INTO WebACLUsers ( `username`, `password` ) VALUES ( '$uname', '$pwhash' )";
  $dbase->execute( $query );
}

function delete_user( $uid ) {
  // removes a user ID (and all their flags) from the ACL
  
  global $dbase;
  $uid = mysql_real_escape_string( $uid );
  
  if ( !get_username( $uid ) )
    throw new Exception( "Failed to delete ACL user: UserID $uid does not exist" );
  
  $query = "DELETE FROM WebACLUsers WHERE id='$uid'";
  $dbase->execute( $query );
  $query = "DELETE FROM WebACLFlags WHERE user_id='$uid'";
  $dbase->execute( $query );
}

function grant_flag( $uid, $flag ) {
  // grants a user ID a certain flag (checks for prior existence)
  
  global $dbase;
  $flag = mysql_real_escape_string( $flag );
  $uid = mysql_real_escape_string( $uid );
  
  // Calling has_permission here could invoke USER_NOEXIST
  if ( has_permission( $uid, $flag ) )
    throw new Exception( "Failed to grant ACL flag: UserID $uid already has flag $flag" );
  
  $query = "INSERT INTO WebACLFlags ( `user_id`, `flag_name` ) VALUES ( '$uid', '$flag' )";
  $dbase->execute( $query );
}

function revoke_flag( $uid, $flag ) {
  // revokes a certain flag from a user ID (checks for prior existence)
  
  global $dbase;
  $flag = mysql_real_escape_string( $flag );
  $uid = mysql_real_escape_string( $uid );
  
  // Calling has_permission here could invoke USER_NOEXIST
  if ( !has_permission( $userid, $flag ) )
    throw new Exception( "Failed to revoke ACL flag: UserID $uid does not have flag $flag" );
  
  $query = "DELETE FROM WebACLFlags WHERE user_id='$uid' AND flag_name='$flag'";
  $dbase->execute( $query );
}

function login( $uname, $pwd ) {
  // returns whether a login was successful
  
  global $dbase;
  $uname = mysql_real_escape_string( $uname );
  $pwhash = md5( $pwd );
  
  $query = "SELECT id FROM WebACLUsers WHERE username='$uname' ";
  $query .= "AND password='$pwhash'";
  $dbase->execute( $query );
  
  $numrows = $dbase->numrows();
  
  if ( $numrows ) {
    $row = $dbase->fetchone();
    return $row[ 0 ];
  }
  return false;
}

function set_password( $uid, $pwd ) {
  // set a user's password

  global $dbase;
  $uid = mysql_real_escape_string( $uid );
  $pwhash = md5( $pwd );
  
  $query = "UPDATE WebACLUsers SET password='$pwhash' WHERE id='$uid'";
  $dbase->execute( $query );
}

?>